Freedom of Information and Protection of Privacy Act (FIPPA)
- Why were hospitals brought under FIPPA?
- When does FIPPA apply to hospitals?
- What is FIPPA?
- What is the purpose of FIPPA?
- What information/records does the Act apply to?
- What is a Freedom of Information (FOI) request?
- What records are not covered by the Act?
- How do I find out what information LHSC has?
- Do I always need to make a formal FOI request in order to obtain hospital information?
- How do I make a FOI request?
- How do I correct my own personal information?
- How do I request my personal health information?
- Who can make a FOI request?
- Is the requestor required to provide a reason for his or her request?
- If I make a request for information or contact the organization about a privacy breach, is my identity protected?
- Can the purpose of the request be used to justify denying access to records?
- When can I expect a response to an FOI request?
- How do I appeal a decision?
Why were hospitals brought under FIPPA?
Access to information held by public institutions is vital to a free and functioning democratic society. LHSC welcomes this step toward a culture of greater transparency and accountability.
When does FIPPA apply to hospitals?
As of January 1, 2012, hospitals are designated as institutions under the Freedom of Information and Protection of Privacy Act (FIPPA). After that date, the public has the right to make a request for access to a wide range of records which came into the custody or control of the hospitals on or after January 1, 2007. There are certain exclusions and exemptions from the right of access.
What is FIPPA?
FIPPA stands for the Freedom of Information and Protection of Privacy Act. As of January 1, 2012, hospitals will be designated as institutions under FIPPA so that, after that date, anyone has the right to make a request for access to a wide range of information held by hospitals.
Access: The purpose of FIPPA is to provide a right of access to information in the custody or under the control of institutions in accordance with the principles that:
- Information held by the government and the broader public sector should be available to the public;
- Limitations on the right of access should be narrow and specific; and,
- Decisions on the disclosure of information should be reviewed independently of the hospital’s control of the information.
Privacy: FIPPA protects the privacy of individuals with respect to personal information about themselves held by institutions and provides individuals with a right of access to the information. These concepts are similar to those the hospital already employs with respect to personal health information under the Personal Health Information Protection Act, 2004.
- Paper and electronic files and documents
- Emails (including those on networks, desktops and personal devices)
- Photographs, video and audio recordings
- Non-final drafts and working notes
- Expense claims/accounts
- Minutes of meetings, agendas, communication books
- Handwritten notes and personal notes
- Spreadsheets and sketches
What is a Freedom of Information (FOI) access request?
An FOI (or access to information) request is an official written request for information form an organization covered by the Freedom of Information and Protection of Privacy Act (FIPPA). Visit the Make a FOI Access Request section for more information.
Personal Health Information is subject to the Personal Health Information Protection Act (PHIPA) legislation and is excluded from FOI legislation. In addition, records subject to the Quality of Care Information Protection Act (QCIPA) are excluded.
Other exclusions include:
- Administrative records of a regulated health professional, re: personal practice
- Records re: operations of a hospital foundation
- Records re: charitable donations made to the hospital
- Records re: the provision of abortion services
- Records re: certain labour relations, employment matters
- Records re: certain appointment, privileging matters
- Certain records respecting or associated with research (including clinical trials)
- Certain records of teaching materials
- Certain records re: ecclesiastical matters
A Directory of Records and Personal Information Banks is available online and contains a list of categories of records and personal information held by LHSC.
Do I always need to make a formal FOI access request in order to obtain hospital information?
Some hospital records may already be available to you without making a request in writing under FIPPA. Browse the hospital website or contact the Freedom of Information Office if you have a question about whether the information may be available without submitting a formal FOI Access Request.
How do I make a FOI request?
FOI access requests must be submitted in writing and accompanied by a fee of $5.00 to the Freedom of Information Office. Visit the Make a FOI Request section for more details.
How do I correct my own personal information?
Visit the Request Access to or Correct Personal Information section for more information on correcting inaccuracies in your personal information held by the hospital.
How do I request my personal health information?
Access to personal health information, such as in a patient’s medical chart, is not available under FIPPA. The Personal Health Information Protection Act (PHIPA) applies to a patient’s medical information and the hospital protects medical information in accordance with PHIPA. You are able to access or correct your own personal health information by contacting the Health Records Department.
Who can make a FOI access request?
Any person, organization or company can make a request for access to general records. A person includes individuals and organizations such as corporations, partnerships and sole proprietorships. The right of access is not limited by citizenship or place of residence. There may be situations where one person represents another individual based on consent or through power conferred on an individual by FIPPA or another Act.
Individuals may submit access requests for their personal information.
Is the requestor required to provide a reason for his or her request?
LHSC is permitted to ask for the purpose of a request if this will assist in identifying the specific records that the requestor is looking for. However, the requestor has no obligation to provide reasons.
If I make a request for information or contact the organization about a privacy breach, is my identity protected?
If you make a request for information or contact an organization about a privacy breach, your identity must not be disclosed to individuals outside of that organization without your consent. Within the organization, your identity may only be disclosed to employees who need the information to perform the duties of their job, and that disclosure must be necessary and proper to carry out the organization’s functions.
Can the purpose of the request be used to justify denying access to records?
No. The purpose of a freedom of information (FOI) request is irrelevant. The requester has a right of access under FIPPA and the purpose of their exercise of that right cannot be used to deny access
When can I expect a response to an FOI access request?
In most cases, you will receive a written response to your FOI access request within 30 days after the form and fees are received. In some cases, it may take longer to receive a response, depending on the size and complexity of the request.
How do I appeal a decision?
LHSC must provide a notice in writing to the requestor if your request for information is denied. Requestors have a right to appeal a decision to the Information and Privacy Commissioner (IPC) of Ontario. The IPC’s website provides more information on how to make an appeal.